McGraw-Hill Confirms Data Breach Due to Salesforce Misconfiguration
Education company McGraw-Hill confirmed a data breach after hackers exploited a Salesforce misconfiguration to access a limited dataset from a Salesforce-hosted webpage. The ShinyHunters extortion group claimed to have stolen data from 13.5 million user accounts, including names, emails, addresses, and phone numbers, and threatened to leak it.
Signal context
First seen: Apr 14, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Salesforce misconfiguration exploited.
- ShinyHunters extortion group responsible.
- 13.5 million user accounts affected.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Educational Services
Likely country: Location not provided
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 5 signals in the same sector
- 95 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Data Breach Roundup (Apr 10-16, 2026) - Privacy Guideshttps://www.privacyguides.org/news/2026/04/17/data-breach-roundup-apr-10-16-2026/Public source from privacyguides.org.
Top 10 Data Breaches of April 2026 - Strobes Securityhttps://strobes.co/blog/top-data-breaches-april-2026/Public source from strobes.co.
Latest Data Breach news - Bleeping Computerhttps://www.bleepingcomputer.com/tag/data-breach/page/2/Public source from bleepingcomputer.com.
List of Recent Data Breaches in 2026 - Bright Defensehttps://www.brightdefense.com/resources/recent-data-breaches/Public source from brightdefense.com.
Related signals
Grouped by why the signal is relevant.
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273)
The ShinyHunters threat group exploited a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools, a critical remote code execution flaw with a CVSS score of 9.8. The campaign, observed between May 27 and June 9, 2026, targeted over 100 global organizations, with a significant focus on the higher education sector. The vulnerability allowed unauthenticated remote code execution without user interaction. Stolen data from compromised organizations was subsequently published on ShinyHunters' data leak site, and some victims received extortion demands. Oracle released a security advisory on June 10, 2026, after the exploitation was already underway.
Kodak Confirms Data Breach Claimed by ShinyHunters Extortion Gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. The ShinyHunters extortion group claimed responsibility for the incident, threatening to leak over 2.2 million records.
Madison Square Garden Data Leak by ShinyHunters After Ransom Deadline Missed
The ShinyHunters hacking group published nearly 45GB of allegedly stolen Madison Square Garden (MSG) data, including 26 million customer records, customer support emails, and internal 'Talent' files, after MSG reportedly missed a ransom deadline.
Council of Europe investigates ShinyHunters data breach claims
The Council of Europe is investigating claims by the ShinyHunters extortion group of a data breach involving HR and payroll data. ShinyHunters threatened to leak over 429,000 documents, including payslips, CVs, and personnel files, containing sensitive personal and financial information of over 10,000 staff members.
University of Nottingham Confirms Data Breach Affecting Students and Alumni
The University of Nottingham confirmed a data breach where a hacking group gained access to its student records system, affecting both current students and alumni. The ShinyHunters hacker group claimed responsibility, leaking over 450,000 email addresses and other information. The breach is allegedly a result of the broader Oracle PeopleSoft exploitation campaign.
Oracle Discloses Critical PeopleSoft Zero-Day (CVE-2026-35273) Exploited by ShinyHunters
Oracle disclosed a critical unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2026-35273) in its PeopleSoft PeopleTools application on June 10, 2026. The ShinyHunters extortion group actively exploited this zero-day vulnerability to compromise servers and steal data from over 100 organizations, primarily in the education sector. Exploitation was ongoing since at least May 27, 2026, with ShinyHunters claiming to have stolen hundreds of thousands of student records and other sensitive organizational data.